Boston, MA, USA; 19 June 2007 -- OASIS, the international standards consortium, today announced that its members have approved the Content Assembly Mechanism (CAM) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. CAM provides an open, XML-based system for using business rules to define, validate, and compose specific business documents from generalized schema elements and structures. CAM also provides the foundation for creating industry libraries and dictionaries of schema elements and business document structures to support business process needs.

"CAM has been described as a Swiss army knife for XML structures," said David Webber, chair of the OASIS Content Assembly Mechanism (CAM) Technical Committee. "That's because CAM addresses the three issues that are crucial for automated information integration. It delivers the capability to design transactions consistently, to document their usage clearly, and to drive software that can apply rules and test information content correctly."

CAM can be used wherever manipulation or validation of information content structures is required. The most widely used application is the validation of content passing through a messaging system, where CAM ensures that the information received is compatible with the supported business systems. CAM can also direct the creation or processing of transactions in a business process engine or be deployed as a Web service to allow trading partners to pre-validate XML instances before using them in message exchanges.

"Before a Web service can exchange XML data between applications, the information usually needs to be validated and transformed," explained Patrick Gannon, president and CEO of OASIS. "CAM offers a new way to accomplish this by using specialized templates that allow contextual business rules to be applied to any XML structure. These business rules can be used to validate the structure or to transform XML data to fit a specified form."

The CAM OASIS Standard was developed by representatives of AmberPoint, the U.S. National Institute of Standards and Technology (NIST), Sun Microsystems, and others.

The CAM OASIS Standard and the archives of the OASIS CAM Technical Committee work are publicly accessible. OASIS hosts the cam-dev mailing list for exchanging information on implementing the standard.

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Connect with OASIS

News by Year

Testimonials

Cybersecurity is one of the greatest challenges our modern society faces and requires a coordinated approach to succeed. Under OASIS leadership, we see an opportunity to better organize the good guys to fight cybercriminals by sharing cyber threat intelligence data in an automated and efficient data standard.

As a Sponsor of the OASIS CTI Technical Committee, we are delighted to be at the forefront of advancing critically important standards like STIX, TAXII and CybOX. By creating protocols that address how to best model, analyze, and share cyber threat intelligence, we can provide greater support to overwhelmed security professionals.

Soltra is proud to be a member of the OASIS CTI Technical Committee. Our threat information sharing solution, Soltra Edge, was built leveraging STIX, TAXII, and Cybox – key standards within the industry. We look forward to contributing to CTI as we continue to establish and maintain open standards, while improving cyber security capabilities and reducing workload.

Open standards and community sharing are vital components of a successful and effective fight against cybercrime. Our goal is to make Threat Intelligence, from a variety of sources, timely and actionable.

Focusing on standardizing threat intelligence technologies to keep sensitive government and corporate information secure is paramount to the mission of OASIS and its members. At ViaSat, we take a comprehensive approach to cybersecurity, from identifying potential cyber and physical security vulnerabilities to designing and implementing a plan that leverages big data analytics, intuitive visualization and intelligent automation to keep pace with evolving threats no matter where data resides on the network or how it is accessed.

iSIGHT Partners, creator of the commercial cyber threat intelligence category, understands how security organizations can gain the advantage over adversaries by using threat intelligence across their security and risk management program. As an early contributor and enabler of STIX, we welcome the opportunity to join with OASIS to further develop CTI standards and accelerate the adoption of context rich threat intelligence.

At OASIS, you don't have to be a large vendor to influence work. Of all the standards bodies we’ve participated in, OASIS is the only one we recommend with no hesitation. It is a group that simply works.

We are proud to support the work OASIS is doing to advance their cybersecurity specifications and promote information sharing, a critical factor in today's security posture. By sharing details about malicious incidents quickly, not only between the public and private sectors, but across industry lines within the private sector as well, we can work together to better defend ourselves and stay ahead of the hackers.

STIX and TAXII in particular are important initiatives towards next generation threat intelligence. Using the same terms, data streams, and threat modeling methods will help researchers, vendors, and law enforcement alike share information back and forth to stay abreast or even ahead of threat actor groups. We are pleased to contribute to this and more through OASIS.

We have long been committed to any advances that can better enable the sharing of threat intelligence among security professionals. Until now, organizations have been hampered by a lack of common standards and the tendency for security information to be siloed. We strongly support this important endeavor and look forward to contributing to the standardization being led by OASIS.

NEC is very pleased to be part of the CTI Technical Committee and continues to drive CTI adoption with industry partnerships to benefit customers. NEC believes that threat intelligence standards are crucial for proactively countering the cyber threat. We are excited about the formation of CTI TC and support its efforts through its contributing to and promotion of this global standard.

We have been advocates of STIX, TAXII and CybOx for some time. OASIS as an international standards checkpoint will undoubtedly improve threat intelligence sharing amongst partners by facilitating the exchange of computer-readable threat information.

Development of an industry-wide standards framework for cyber threat intelligence is crucial for the information security industry to be able to define and share threats. New Context is a proud sponsor of OASIS and believes strongly in open and transparent standards frameworks development. We look forward to collaborating on the next standards for STIX, CybOX and TAXII.

I always encourage vendors with products related to access control, security, or cloud computing to join the appropriate OASIS Technical Committees and contribute to the standards work. We all benefit that way.